How to Reset root Password in Linux

This tutorial explains how to reset the root password in Linux step by step with examples. Forget
or lost root password in Linux, there is no need to buy any expensive tool or software to reset
the root password. We can easily reset the root password in Linux through the inbuilt recovery
options.

Recovery options are the part of boot package in Linux. These options are available at the first
screen of boot process. These options allow us to access the Linux file system in emergency
situation. In this tutorial we will learn how to use these tools to reset the lost or forgotten root
password.

Resetting root password from recovery options

Restart the system and on boot screen select the second line and press e key

Recovery options include several tools and features which if used incorrectly, can crash the entire
system. For this reason, usually administrators keep these options protected with password.

If these options are protected with username and password, in next screen we have to
authenticate the access with assigned user name and password.

If you have also lost the username and password which are required to access the recovery
options or simply want to learn process of setting and removing recovery options password, see
this tutorial
How to Reset GRUB Password
It explains how to set, unset, configure, recover or remove GRUB password in Linux step by step.

Authenticate the access with username and password (if configured)

If authentication is successful (or if authentication is not configured), we will get recovery
options in next screen.

Now find the line which starts with linux16 /vmlinuz……….

In this line, change configuration value ro to rw init=/sysroot/bin/sh and press Ctrl+x keys
combination to start the system with updated configuration

This change forces Linux to start in emergency mode. Emergency mode mounts installed Linux
in /sysroot directory and provides a recovery prompt for troubleshooting.
Now run following commands

#chroot /sysroot
#passwd
New password:
Retype new password:
#touch /.autorelabel
#reboot –f

First command changes recovery prompt in fully functional shell prompt. After this command,
whatever command we will execute, will be executed as it is executed from installed Linux.

Second command without any argument changes root user’s password. Type the new password
when it prompts for password and re-type the same password again to verify the new password.

Third command re-labels all SELinux security contexts.

Fourth command restarts the system.

Following figure illustrates above process steps by steps

Since SELinux re-labels all security contexts, booting process will take a little bit extra time. Once
relabeling is finished, system will restart again.
After restart, use the password which we set in above steps to login from root

A successful login confirms that root password has been changed.

This way we can easily reset the forgotten or lost root password through recovery options
without any third party tool or software.

Troubleshooting
You may face two issues in this process

1. Linux does not start in emergency mode

2. Linux does not boot after this process

Linux does not start in emergency mode

If configuration value is changed incorrectly, Linux will ignore the incorrect value and will start
normally. For example following figure shows an incorrect change in configuration value

To solve this issue, restart the system and change configuration value properly.

Change made in configuration values affect only running session. Once system is restarted, all
configuration values are set to their default values.
Linux does not boot after this process

If necessary command for SELinux context relabeling is skipped, system will not boot after this
process. For example, following figure shows skipped command for SELinux
SELinux actively monitors and protects Linux file system from any unauthorized access and
modification. SELinux checks entire file system at boot time to verify that file system is exactly
in same state as it was when last time system was shut down. If SELinux detects any change in
file system, it will halt the booting process and block the affected process.

To learn how SELinux works in Linux, see this tutorial

SELinux Explained with examples
It explains basic concepts of SELinux and how to configure and manage SELinux effectively in
Linux with practical examples.

In this example, we updated the root password. Linux stores password in /etc/passwd. When we
updated root password, this file changed from its previous state. Since we made this change
without notifying SELinux about this change, SELinux halts the boot process at next time and
blocks the login process.

If system is booting in GUI, it will display only black screen without any error or warning.

If system is booting in CLI, it may display login prompt. But login process will not work. Since
SELinux block process is based on file and the same file (/etc/passwd) which was changed while
we updated the root password is used to store the passwords of all users, login process will not
work for all users.
Tips

If you see blank screen after the restart, press CTRL+ALT+F2 and login with any regular user. If
system lets you login, black screen issue is not related with SELinux. But if, system does not let
you login even with correct username and password, this issue is definitely related with SELinux.

To solve this issue, access recovery prompt by following the same process again and run
following commands to fix the issue.

Once SELinux issue is fixed, GUI login screen will be available again with working login process
and functionality.

If you still face any issue or unable to reset the root password, just drop me a mail. I will help you
in resetting the root password. If you are able to reset the root password with this method, let
the other know by sharing it through your favorite social network.